ENCOR Skills Assessment (Scenario 2) (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IPv4 Address IPv6 Address IPv6 Link-Local

R1 G0/0/0.1 10.0.12.1/24 2001:db8:acad:12::1/64 fe80::1:1

R1
G0/0/0.2 10.0.12.1/24 2001:db8:acad:12::1/64 fe80::1:2

R1
G0/0/1.1 10.0.113.1/24 2001:db8:acad:113::1/64 fe80::1:3

R1
G0/0/1.2 10.0.108.1/24 2001:db8:acad:108::1/64 fe80::1:4
R2 G0/0/0.1 10.0.12.2/24 2001:db8:acad:12::2/64 fe80::2:1

R2
G0/0/0.2 10.0.12.2/24 2001:db8:acad:12::2/64 fe80::2:2

R2
G0/0/1.1 10.0.23.2/24 2001:db8:acad:23::2/64 fe80::2:3

R2
G0/0/1.2 10.0.23.2/24 2001:db8:acad:23::2/64 fe80::2:4
R3 G0/0/0.1 10.0.23.3/24 2001:db8:acad:23::3/64 fe80::3:1

R3
G0/0/0.2 10.0.23.3/24 2001:db8:acad:23::3/64 fe80::3:2

R3
G0/0/1.1 10.0.213.1/24 2001:db8:acad:213::1/64 fe80::3:3

R3
G0/0/1.2 10.0.208.1/24 2001:db8:acad:208::1/64 fe80::3:4

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

Device Interface IPv4 Address IPv6 Address IPv6 Link-Local

PC1 NIC 10.0.113.50/24 2001:db8:acad:113::50/64 EUI-64

PC2 NIC 10.0.213.50/24 2001:db8:acad:213::50/64 EUI-64
PC3 NIC 10.0.108.50/24 2001:db8:acad:108::50/64 EUI-64
PC4 NIC 10.0.208.50/24 2001:db8:acad:208::50/64 EUI-64

Objectives
Part 1: Build the Network and Configure Basic Device Settings.
Part 2: Configure VRF and Static Routing
Part 3: Configure L2 Network
Part 4: Configure Security
Part 5: Cleanup

Background / Scenario
In this skills assessment, you are responsible for completing the multi-VRF configuration of the network
supporting “General Users” and “Special Users”. Upon completion, there should be full end-to-end
reachability and the two groups should not be able to communicate with each other. Be sure to verify that
your configurations meet the provided specifications and that the devices perform as required.
Note: The routers used with CCNP hands-on labs are Cisco 4221s with Cisco IOS XE Release 16.9.4
(universalk9 image). The switches used in the labs are Cisco Catalyst 3650s with Cisco IOS XE Release
16.9.4 (universalk9 image) and Cisco Catalyst 2960s with Cisco IOS Release 15.2(2) (lanbasek9 image).
Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS
version, the commands available and the output produced might vary from what is shown in the labs.
Note: Make sure that the switches have been erased and have no startup configurations. If you are unsure,
contact your instructor.
Note: The default Switch Database Manager (SDM) template on a Catalyst 2960 does not support IPv6. You
must change the default SDM template to the dual-ipv4-and-ipv6 default template using the sdm prefer dual-
ipv4-and-ipv6 default global configuration command. Changing the template will require a reboot.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Instructor Note: This skills assessment presumes that Part 1: Build the Network and Configure Basic Device
Settings and Interface Addressing is not a graded or timed component of the exercise.
Instructor Note: In the interest of time, it may be appropriate to modify some of the requirements from “all
devices” to a select device.

Required Resources
 3 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
 2 Switches (Cisco 3650 with Cisco IOS XE release 16.9.4 universal image or comparable)
 1 Switch (Cisco 2960 with Cisco IOS release 15.2 lanbase image or comparable)
 4 PCs (Choice of operating system with a terminal emulation program)
 Console cables to configure the Cisco IOS devices via the console ports
 Ethernet cables as shown in the topology

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

Instructions

Part 1: Build the Network and Configure Basic Device Settings and Interface
Addressing
In Part 1, you will set up the network topology and configure basic settings.

a. Cable the network as shown in the topology.

Attach the devices as shown in the topology diagram, and cable as necessary.

b. Configure basic settings for each device.

a. Console into each device, enter global configuration mode, and apply the basic settings. The startup
configurations for each device are provided below.
Router R1
hostname R1
ipv6 unicast-routing
no ip domain lookup
banner motd # R1, ENCOR Skills Assessment, Scenario 2 #
line con 0
exec-timeout 0 0
logging synchronous
exit
Router R2
hostname R2
ipv6 unicast-routing
no ip domain lookup
banner motd # R2, ENCOR Skills Assessment, Scenario 2 #
line con 0
exec-timeout 0 0
logging synchronous
exit
Router R3
hostname R3
ipv6 unicast-routing
no ip domain lookup
banner motd # R3, ENCOR Skills Assessment, Scenario 2 #
line con 0
exec-timeout 0 0
logging synchronous
exit
Switch D1
hostname D1
ip routing
ipv6 unicast-routing
no ip domain lookup

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

banner motd # D1, ENCOR Skills Assessment, Scenario 2 #

line con 0
exec-timeout 0 0
logging synchronous
exit
vlan 8
name General-Users
exit
vlan 13
name Special-Users
exit
Switch D2
hostname D2
ip routing
ipv6 unicast-routing
no ip domain lookup
banner motd # D2, ENCOR Skills Assessment, Scenario 2 #
line con 0
exec-timeout 0 0
logging synchronous
exit
vlan 8
name General-Users
exit
vlan 13
name Special-Users
exit
Switch A1
hostname A1
ipv6 unicast-routing
no ip domain lookup
banner motd # A1, ENCOR Skills Assessment, Scenario 2 #
line con 0
exec-timeout 0 0
logging synchronous
exit
vlan 8
name General-Users
exit
b. Save the running configuration to startup-config on all devices.
c. Configure PC1, PC2, PC3, and PC4 host addressing as shown in the addressing table.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

Part 2: Configure VRF and Static Routing

In this part of the Skills Assessment, you will configure VRF-Lite on all three routers and the appropriate static
routes to support end-to-end reachability. At the end of this part, R1 should be able to ping R3 in each VRF.
Your configuration tasks are as follows:

Task# Task Specification Points

On R1, R2, and R3, configure VRF-Lite Configure two VRFs:

VRFs as shown in the topology  General-Users
2.1 diagram.  Special-Users 12

The VRFs must support IPv4 and IPv6.

On R1, R2, and R3, configure IPv4 and All routers will use Router-On-A-Stick on their
IPv6 interfaces on each VRF as G0/0/1.x interfaces to support separation of the
detailed in the addressing table above. VRFs.
Sub-interface 1:
 In the Special Users VRF
 Use dot1q encapsulation 13
2.2  IPv4 and IPv6 GUA and link-local addresses 12
 Enable the interfaces
Sub-interface 2:
 In the General Users VRF
 Use dot1q encapsulation 8
 IPv4 and IPv6 GUA and link-local addresses
 Enable the interfaces

On R1 and R3, configure default static Configure VRF static routes for both IPv4 and
2.3 8
routes pointing to R2. IPv6 in both VRFs.

Verify connectivity in each VRF. From R1, verify connectivity to R3:

 ping vrf General-Users 10.0.208.1
2.4  ping vrf General-Users 2001:db8:acad:208::1 4
 ping vrf Special-Users 10.0.213.1
 ping vrf Special-Users 2001:db8:acad:213::1

Note: R1 will not be able to ping PC2 or PC 4 yet.

Instructor Verification:
Verify VRF configuration and address assignment using the show ip vrf interfaces command. (Tasks 2.1
and 2.2)
R1# show ip vrf interfaces
Interface IP-Address VRF Protocol
Gi0/0/0.2 10.0.12.1 General-Users up
Gi0/0/1.2 10.0.108.1 General-Users up
Gi0/0/0.1 10.0.12.1 Special-Users up
Gi0/0/1.1 10.0.113.1 Special-Users up

R2# show ip vrf interfaces

Interface IP-Address VRF Protocol
Gi0/0/1.2 10.0.23.2 General-Users up

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

Gi0/0/0.2 10.0.12.2 General-Users up

Gi0/0/1.1 10.0.23.2 Special-Users up
Gi0/0/0.1 10.0.12.2 Special-Users up

R3# show ip vrf interfaces

Interface IP-Address VRF Protocol
Gi0/0/0.2 10.0.23.3 General-Users up
Gi0/0/1.2 10.0.208.1 General-Users up
Gi0/0/0.1 10.0.23.3 Special-Users up
Gi0/0/1.1 10.0.213.1 Special-Users up

Verify the static routes (Task 2.3)

R1# show run | inc route
ip route vrf General-Users 0.0.0.0 0.0.0.0 10.0.12.2
ip route vrf Special-Users 0.0.0.0 0.0.0.0 10.0.12.2
ipv6 route vrf General-Users ::/0 2001:DB8:ACAD:12::2
ipv6 route vrf Special-Users ::/0 2001:DB8:ACAD:12::2

R2# show run | inc route

ip route vrf General-Users 10.0.108.0 255.255.255.0 10.0.12.1
ip route vrf General-Users 10.0.208.0 255.255.255.0 10.0.23.3
ip route vrf Special-Users 10.0.113.0 255.255.255.0 10.0.12.1
ip route vrf Special-Users 10.0.213.0 255.255.255.0 10.0.23.3
ipv6 route vrf General-Users 2001:DB8:ACAD:108::/64 2001:DB8:ACAD:12::1
ipv6 route vrf Special-Users 2001:DB8:ACAD:113::/64 2001:DB8:ACAD:12::1
ipv6 route vrf General-Users 2001:DB8:ACAD:208::/64 2001:DB8:ACAD:23::3
ipv6 route vrf Special-Users 2001:DB8:ACAD:213::/64 2001:DB8:ACAD:23::3

R3# show run | inc route

ip route vrf General-Users 0.0.0.0 0.0.0.0 10.0.23.2
ip route vrf Special-Users 0.0.0.0 0.0.0.0 10.0.23.2
ipv6 route vrf Special-Users ::/0 2001:DB8:ACAD:23::2
ipv6 route vrf General-Users ::/0 2001:DB8:ACAD:23::2

Verify IPv4 and IPv6 pings of R3 from R1; all pings should be successful. (Task 2.4)
R1# ping vrf General-Users 10.0.208.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.208.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1# ping vrf General-Users 2001:db8:acad:208::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:ACAD:208::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1# ping vrf Special-Users 10.0.213.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.213.1, timeout is 2 seconds:

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R1# ping vrf Special-Users 2001:db8:acad:213::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:ACAD:213::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Part 3: Configure L2 Network

In this part, you will configure the switches to support host connectivity.
Your configuration tasks are as follows:

Task# Task Specification Points

On D1, D2, and A1, disable all On D1 and D2, shutdown G1/0/1 to G1/0/24.
3.1 interfaces. 2
On A1, shutdown F0/1 – F0/24, G0/1 – G0/2.
On D1 and D2, configure the trunk Configure and enable the G1/0/11 link as a trunk
3.2 4
links to R1 and R3. link.
On D1 and A1, configure the On D1, configure and enable:
EtherChannel.  Interface G1/0/5 and G1/0/6
 Port Channel 1 using PAgP
3.3 8
On A1, configure enable:
 Interface F0/1 and F0/2
 Port Channel 1 using PAgP

On D1, D2, and A1, configure access
ports for PC1, PC2, PC3, and PC4.
3.4
Configure and enable the access ports as follows:
 On D1, configure interface G1/0/23 as an
access port in VLAN 13 and enable Portfast.
 On D2, configure interface G1/0/23 as an
access port in VLAN 13 and enable Portfast. 6
 On D2, configure interface G1/0/24 as an
access port in VLAN 8 and enable Portfast.
 On A1, configure interface F0/23 as an access
port in VLAN 8 and enable Portfast.

Verify PC to PC connectivity. From PC1, verify IPv4 and IPv6 connectivity to

PC2.
3.5 4
From PC3, verify IPv4 and IPv6 connectivity to
PC4.
Instructor Verification:
Issue the command show interfaces trunk to verify trunk connectivity and settings.
D1# show interfaces trunk

Port Mode Encapsulation Status Native vlan

Gi1/0/11 on 802.1q trunking 1
Po1 on 802.1q trunking 1

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

Port Vlans allowed on trunk

Gi1/0/11 1-4094
Po1 1-4094

Port Vlans allowed and active in management domain

Gi1/0/11 1,8,13
Po1 1,8,13

Port Vlans in spanning tree forwarding state and not pruned

Gi1/0/11 1,8,13
Po1 1,8,13

Issue the command show etherchannel summary to verify the etherchannel settings.
D1# show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met

u - unsuitable for bundling
w - waiting to be aggregated
d - default port

A - formed by Auto LAG

Number of channel-groups in use: 1

Number of aggregators: 1

Group Port-channel Protocol Ports

------+-------------+-----------+-----------------------------------------------
1 Po1(SU) PAgP Gi1/0/5(P) Gi1/0/6(P)

Issue the command show run interface g1/0/23 or show run interface f0/23 to validate host port settings.
D1# show run interface g1/0/23
Building configuration...

Current configuration : 114 bytes

!
interface GigabitEthernet1/0/23
switchport access vlan 13
switchport mode access
spanning-tree portfast

Verify that PC1 can reach PC2. IPv4 and IPv6 pings from PC1 to PC2 are successful.
Verify that PC3 can reach PC4. IPv4 and IPv6 pings from PC3 to PC4 are successful.
Note: PC1 and PC2 cannot ping PC3 or PC4.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 8 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

Part 4: Configure Security

In this part you will configure various security mechanisms on the devices in the topology.
Your configuration tasks are as follows:

Task# Task Specification Points

On all devices, secure privileged EXE Configure an enable secret as follows:

5.1 mode.  Algorithm type: SCRYPT 6
 Password: cisco12345cisco.

On all devices, create a local user Configure a local user:

account.  Name: admin
5.2  Privilege level: 15 6
 Algorithm type: SCRYPT
 Password: cisco12345cisco.

On all devices, enable AAA and enable Enable AAA authentication using the local
5.3 2
AAA authentication. database on all lines.

Instructor Verification:
Issue the command show run | include aaa|username to verify that the AAA settings are configured.
D2# show run | include aaa|username
aaa new-model
aaa authentication login default local
aaa session-id common
username admin privilege 15 secret 9
$9$XjgowiPNCh.RRk$CwCEW/a6DqO12aRmLFaBfhhJPW.V/7KuJaqHS5m4RmU

Part 5: Cleanup
NOTE: DO NOT PROCEED WITH CLEANUP UNTIL YOUR INSTRUCTOR HAS GRADED YOUR SKILLS
ASSESSMENT AND HAS INFORMED YOU THAT YOU MAY BEGIN CLEANUP.
Unless directed otherwise by the instructor, restore host computer network connectivity, and then turn off
power to the host computers.
Remove NVRAM configuration files (if saved) and vlan databases from all devices before turning them off or
reloading them.
End of document

Device Configurations (Answers)

Listed below are the configuration commands used to create the skills assessment

Part 2: VRF and Static Routing (student configures)

Router R1
vrf definition General-Users
address-family ipv4
address-family ipv6
exit
vrf definition Special-Users

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 9 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

address-family ipv4
address-family ipv6
exit
interface g0/0/0.1
encapsulation dot1q 13
vrf forwarding Special-Users
ip address 10.0.12.1 255.255.255.0
ipv6 address fe80::1:1 link-local
ipv6 address 2001:db8:acad:12::1/64
no shutdown
exit
interface g0/0/0.2
encapsulation dot1q 8
vrf forwarding General-Users
ip address 10.0.12.1 255.255.255.0
ipv6 address fe80::1:2 link-local
ipv6 address 2001:db8:acad:12::1/64
no shutdown
exit
interface g0/0/0
no ip address
no shutdown
exit
interface g0/0/1.1
encapsulation dot1q 13
vrf forwarding Special-Users
ip address 10.0.113.1 255.255.255.0
ipv6 address fe80::1:3 link-local
ipv6 address 2001:db8:acad:113::1/64
no shutdown
exit
interface g0/0/1.2
encapsulation dot1q 8
vrf forward General-Users
ip address 10.0.108.1 255.255.255.0
ipv6 address fe80::1:4 link-local
ipv6 address 2001:db8:acad:108::1/64
no shutdown
exit
interface g0/0/1
no ip address
no shutdown
exit
ip route vrf Special-Users 0.0.0.0 0.0.0.0 10.0.12.2
ip route vrf General-Users 0.0.0.0 0.0.0.0 10.0.12.2
ipv6 route vrf Special-Users ::/0 2001:db8:acad:12::2
ipv6 route vrf General-Users ::/0 2001:db8:acad:12::2
end

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 10 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

Router R2
vrf definition General-Users
address-family ipv4
address-family ipv6
exit
vrf definition Special-Users
address-family ipv4
address-family ipv6
exit
interface g0/0/0.1
encapsulation dot1q 13
vrf forwarding Special-Users
ip address 10.0.12.2 255.255.255.0
ipv6 address fe80::2:1 link-local
ipv6 address 2001:db8:acad:12::2/64
no shutdown
exit
interface g0/0/0.2
encapsulation dot1q 8
vrf forwarding General-Users
ip address 10.0.12.2 255.255.255.0
ipv6 address fe80::2:2 link-local
ipv6 address 2001:db8:acad:12::2/64
no shutdown
exit
interface g0/0/0
no ip address
no shutdown
exit
interface g0/0/1.1
encapsulation dot1q 13
vrf forwarding Special-Users
ip address 10.0.23.2 255.255.255.0
ipv6 address fe80::2:3 link-local
ipv6 address 2001:db8:acad:23::2/64
no shutdown
exit
interface g0/0/1.2
encapsulation dot1q 8
vrf forwarding General-Users
ip address 10.0.23.2 255.255.255.0
ipv6 address fe80::2:4 link-local
ipv6 address 2001:db8:acad:23::2/64
no shutdown
exit
interface g0/0/1
no ip address
no shutdown
exit
ip route vrf Special-Users 10.0.113.0 255.255.255.0 10.0.12.1

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 11 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

ip route vrf Special-Users 10.0.213.0 255.255.255.0 10.0.23.3

ipv6 route vrf Special-Users 2001:db8:acad:113::/64 2001:db8:acad:12::1
ipv6 route vrf Special-Users 2001:db8:acad:213::/64 2001:db8:acad:23::3
ip route vrf General-Users 10.0.108.0 255.255.255.0 10.0.12.1
ip route vrf General-Users 10.0.208.0 255.255.255.0 10.0.23.3
ipv6 route vrf General-Users 2001:db8:acad:108::/64 2001:db8:acad:12::1
ipv6 route vrf General-Users 2001:db8:acad:208::/64 2001:db8:acad:23::3
end

Router R3
vrf definition General-Users
address-family ipv4
address-family ipv6
exit
vrf definition Special-Users
address-family ipv4
address-family ipv6
exit
interface g0/0/0.1
encapsulation dot1q 13
vrf forwarding Special-Users
ip address 10.0.23.3 255.255.255.0
ipv6 address fe80::3:1 link-local
ipv6 address 2001:db8:acad:23::3/64
no shutdown
exit
interface g0/0/0.2
encapsulation dot1q 8
vrf forwarding General-Users
ip address 10.0.23.3 255.255.255.0
ipv6 address fe80::3:2 link-local
ipv6 address 2001:db8:acad:23::3/64
no shutdown
exit
interface g0/0/0
no ip address
no shutdown
exit
interface g0/0/1.1
encapsulation dot1q 13
vrf forwarding Special-Users
ip address 10.0.213.1 255.255.255.0
ipv6 address fe80::3:3 link-local
ipv6 address 2001:db8:acad:213::1/64
no shutdown
exit
interface g0/0/1.2
encapsulation dot1q 8
vrf forward General-Users
ip address 10.0.208.1 255.255.255.0

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 12 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

ipv6 address fe80::3:4 link-local

ipv6 address 2001:db8:acad:208::1/64
no shutdown
exit
interface g0/0/1
no ip address
no shutdown
exit
ip route vrf Special-Users 0.0.0.0 0.0.0.0 10.0.23.2
ip route vrf General-Users 0.0.0.0 0.0.0.0 10.0.23.2
ipv6 route vrf Special-Users ::/0 2001:db8:acad:23::2
ipv6 route vrf General-Users ::/0 2001:db8:acad:23::2

Part 3 Switching (student configures)

Switch D1
interface range g1/0/1-24
shutdown
exit
interface g1/0/11
switchport mode trunk
no shutdown
exit
!
interface g1/0/23
switchport mode access
switchport access vlan 13
spanning-tree portfast
no shutdown
exit
interface range g1/0/5-6
switchport mode trunk
channel-group 1 mode desirable
no shutdown
exit

Switch D2
interface range g1/0/1-24
shutdown
exit
interface g1/0/11
switchport mode trunk
no shutdown
exit
!
interface g1/0/23
switchport mode access
switchport access vlan 13
spanning-tree portfast

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 13 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

no shutdown
exit
interface g1/0/24
switchport mode access
switchport access vlan 8
spanning-tree portfast
no shutdown
exit

Switch A1
interface range f0/1-24, g0/1-2
shutdown
exit
interface f0/23
switchport mode access
switchport access vlan 8
spanning-tree portfast
no shutdown
exit
interface range f0/1-2
switchport mode trunk
channel-group 1 mode desirable
no shutdown
exit

Part 4: Security (Student configures)

-------------------------------------
All devices:
enable algorithm-type scrypt secret cisco12345cisco
username admin privilege 15 algorithm-type scrypt secret cisco12345cisco
aaa new-model
aaa authentication login default local
end

Device Configurations (Final)

Router R1
R1# show run
Building configuration...

Current configuration : 2434 bytes

!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 14 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

hostname R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition General-Users
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition Special-Users
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 9 $9$zoLy2xVn9zcnb.$CFCHOBcQkjBm2C8a7VzDkhM2DCYnF9/aSc4B/FRXO2k
!
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
!
no ip domain lookup
!
login on-success log
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9
$9$5N85J1uzgRjVpE$z4mPVfXwPae5qgqpwIC6UgVMGb8Ryf1h9oNg79qhLDc
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 15 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

!
interface GigabitEthernet0/0/0.1
encapsulation dot1Q 13
vrf forwarding Special-Users
ip address 10.0.12.1 255.255.255.0
ipv6 address FE80::1:1 link-local
ipv6 address 2001:DB8:ACAD:12::1/64
!
interface GigabitEthernet0/0/0.2
encapsulation dot1Q 8
vrf forwarding General-Users
ip address 10.0.12.1 255.255.255.0
ipv6 address FE80::1:2 link-local
ipv6 address 2001:DB8:ACAD:12::1/64
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.1
encapsulation dot1Q 13
vrf forwarding Special-Users
ip address 10.0.113.1 255.255.255.0
ipv6 address FE80::1:3 link-local
ipv6 address 2001:DB8:ACAD:113::1/64
!
interface GigabitEthernet0/0/1.2
encapsulation dot1Q 8
vrf forwarding General-Users
ip address 10.0.108.1 255.255.255.0
ipv6 address FE80::1:4 link-local
ipv6 address 2001:DB8:ACAD:108::1/64
!
interface Serial0/1/0
no ip address
!
interface Serial0/1/1
no ip address
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip route vrf General-Users 0.0.0.0 0.0.0.0 10.0.12.2
ip route vrf Special-Users 0.0.0.0 0.0.0.0 10.0.12.2
!
ipv6 route vrf General-Users ::/0 2001:DB8:ACAD:12::2
ipv6 route vrf Special-Users ::/0 2001:DB8:ACAD:12::2
!
control-plane
!

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 16 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

banner motd ^C R1, ENCOR Skills Assessment, Scenario 2 ^C

!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end

Router R2
R2# show run
Building configuration...

Current configuration : 2674 bytes

!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
vrf definition General-Users
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 9 $9$zoLy2xVn9zcnb.$CFCHOBcQkjBm2C8a7VzDkhM2DCYnF9/aSc4B/FRXO2k
!
vrf definition Special-Users
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 17 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

!
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
!
no ip domain lookup
!
login on-success log
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9
$9$5N85J1uzgRjVpE$z4mPVfXwPae5qgqpwIC6UgVMGb8Ryf1h9oNg79qhLDc
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.1
encapsulation dot1Q 13
vrf forwarding Special-Users
ip address 10.0.12.2 255.255.255.0
ipv6 address FE80::2:1 link-local
ipv6 address 2001:DB8:ACAD:12::2/64
!
interface GigabitEthernet0/0/0.2
encapsulation dot1Q 8
vrf forwarding General-Users
ip address 10.0.12.2 255.255.255.0
ipv6 address FE80::2:2 link-local
ipv6 address 2001:DB8:ACAD:12::2/64
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.1
encapsulation dot1Q 13
vrf forwarding Special-Users
ip address 10.0.23.2 255.255.255.0

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 18 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

ipv6 address FE80::2:3 link-local

ipv6 address 2001:DB8:ACAD:23::2/64
!
interface GigabitEthernet0/0/1.2
encapsulation dot1Q 8
vrf forwarding General-Users
ip address 10.0.23.2 255.255.255.0
ipv6 address FE80::2:4 link-local
ipv6 address 2001:DB8:ACAD:23::2/64
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip route vrf General-Users 10.0.108.0 255.255.255.0 10.0.12.1
ip route vrf General-Users 10.0.208.0 255.255.255.0 10.0.23.3
ip route vrf Special-Users 10.0.113.0 255.255.255.0 10.0.12.1
ip route vrf Special-Users 10.0.213.0 255.255.255.0 10.0.23.3
!
ipv6 route vrf General-Users 2001:DB8:ACAD:108::/64 2001:DB8:ACAD:12::1
ipv6 route vrf Special-Users 2001:DB8:ACAD:113::/64 2001:DB8:ACAD:12::1
ipv6 route vrf General-Users 2001:DB8:ACAD:208::/64 2001:DB8:ACAD:23::3
ipv6 route vrf Special-Users 2001:DB8:ACAD:213::/64 2001:DB8:ACAD:23::3
!
control-plane
!
banner motd ^C R2, ENCOR Skills Assessment, Scenario 2 ^C
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end

Router R3
R3# show run
Building configuration...

Current configuration : 2434 bytes

!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 19 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

no platform punt-keepalive disable-kernel-core

!
hostname R3
!
boot-start-marker
boot-end-marker
!
vrf definition General-Users
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition Special-Users
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 9 $9$PwSQjbwwojphpx$kxgrCz2K13dVjqVMGVfM1OkVGxXrjPNlKnV1o3abOTM
!
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
!
no ip domain lookup
!
login on-success log
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9
$9$ILYL84y3fxGxkx$WJfkbltPJt6.SeJjc6/VqwkVwTimtfdZX6qMMZOh0TI
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
no ip address

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 20 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

negotiation auto
!
interface GigabitEthernet0/0/0.1
encapsulation dot1Q 13
vrf forwarding Special-Users
ip address 10.0.23.3 255.255.255.0
ipv6 address FE80::3:1 link-local
ipv6 address 2001:DB8:ACAD:23::3/64
!
interface GigabitEthernet0/0/0.2
encapsulation dot1Q 8
vrf forwarding General-Users
ip address 10.0.23.3 255.255.255.0
ipv6 address FE80::3:2 link-local
ipv6 address 2001:DB8:ACAD:23::3/64
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.1
encapsulation dot1Q 13
vrf forwarding Special-Users
ip address 10.0.213.1 255.255.255.0
ipv6 address FE80::3:3 link-local
ipv6 address 2001:DB8:ACAD:213::1/64
!
interface GigabitEthernet0/0/1.2
encapsulation dot1Q 8
vrf forwarding General-Users
ip address 10.0.208.1 255.255.255.0
ipv6 address FE80::3:4 link-local
ipv6 address 2001:DB8:ACAD:208::1/64
!
interface Serial0/1/0
no ip address
!
interface Serial0/1/1
no ip address
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip route vrf General-Users 0.0.0.0 0.0.0.0 10.0.23.2
ip route vrf Special-Users 0.0.0.0 0.0.0.0 10.0.23.2
!
ipv6 route vrf General-Users ::/0 2001:DB8:ACAD:23::2
ipv6 route vrf Special-Users ::/0 2001:DB8:ACAD:23::2
!
control-plane

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 21 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

!
banner motd ^C R3, ENCOR Skills Assessment, Scenario 2 ^C
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end

Switch D1
D1# show run
Building configuration...

Current configuration : 6728 bytes

!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname D1
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 9 $9$KO1AyAeTmlkCWU$BjMAxCL19u6FHKKf/81lRNmFhlBHC.rR0Bbw7.i9iNA
!
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
switch 1 provision ws-c3650-24ps
!
ip routing
!

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 22 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

no ip domain lookup
!
login on-success log
ipv6 unicast-routing
!
license boot level ipservicesk9
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
username admin privilege 15 secret 9
$9$x8R/b5GOdIKyqU$ewYxQctKHyXyOSHvPXM6.WvzvhfrIkCoxPygXDmyTxQ
!
redundancy
mode sso
!
transceiver type all
monitoring
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception,
NFLSAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 23 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

description Routing control and Low Latency

class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
interface Port-channel1
switchport mode trunk
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
shutdown
!
interface GigabitEthernet1/0/2
shutdown
!
interface GigabitEthernet1/0/3
shutdown
!
interface GigabitEthernet1/0/4
shutdown
!
interface GigabitEthernet1/0/5
switchport mode trunk
channel-group 1 mode desirable
!
interface GigabitEthernet1/0/6
switchport mode trunk
channel-group 1 mode desirable
!
interface GigabitEthernet1/0/7
shutdown
!
interface GigabitEthernet1/0/8
shutdown
!
interface GigabitEthernet1/0/9
shutdown
!
interface GigabitEthernet1/0/10
shutdown
!

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 24 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

interface GigabitEthernet1/0/11
switchport mode trunk
!
interface GigabitEthernet1/0/12
shutdown
!
interface GigabitEthernet1/0/13
shutdown
!
interface GigabitEthernet1/0/14
shutdown
!
interface GigabitEthernet1/0/15
shutdown
!
interface GigabitEthernet1/0/16
shutdown
!
interface GigabitEthernet1/0/17
shutdown
!
interface GigabitEthernet1/0/18
shutdown
!
interface GigabitEthernet1/0/19
shutdown
!
interface GigabitEthernet1/0/20
shutdown
!
interface GigabitEthernet1/0/21
shutdown
!
interface GigabitEthernet1/0/22
shutdown
!
interface GigabitEthernet1/0/23
switchport access vlan 13
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/24
shutdown
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 25 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

interface GigabitEthernet1/1/4
!
interface Vlan1
no ip address
!
ip forward-protocol nd
ip http server
ip http secure-server
!
control-plane
service-policy input system-cpp-policy
!
banner motd ^C D1, ENCOR Skills Assessment, Scenario 2 ^C
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
end

Switch D2
D2# show run
Building configuration...

Current configuration : 6653 bytes

!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname D2
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 26 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

exit-address-family
!
enable secret 9 $9$wOqJe6W8Yasi9k$7Mq8sTne4AGIivudnv6v4G.e30OcRAuXoSGcAa0DohY
!
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
switch 1 provision ws-c3650-24ps
!
ip routing
!
no ip domain lookup
!
login on-success log
ipv6 unicast-routing
!
license boot level ipservicesk9!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
username admin privilege 15 secret 9
$9$1q0osHH4lstBHU$1DhwuWo4f1j.rLppTRRsOB86WpZaJIHSeukQ1a4uPA6
!
redundancy
mode sso
!
transceiver type all
monitoring
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception,
NFLSAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 27 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

description MCAST END STATION

class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
shutdown
!
interface GigabitEthernet1/0/2
shutdown
!
interface GigabitEthernet1/0/3
shutdown
!
interface GigabitEthernet1/0/4
shutdown
!
interface GigabitEthernet1/0/5
shutdown
!
interface GigabitEthernet1/0/6
shutdown
!
interface GigabitEthernet1/0/7
shutdown
!
interface GigabitEthernet1/0/8

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 28 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

shutdown
!
interface GigabitEthernet1/0/9
shutdown
!
interface GigabitEthernet1/0/10
shutdown
!
interface GigabitEthernet1/0/11
switchport mode trunk
!
interface GigabitEthernet1/0/12
shutdown
!
interface GigabitEthernet1/0/13
shutdown
!
interface GigabitEthernet1/0/14
shutdown
!
interface GigabitEthernet1/0/15
shutdown
!
interface GigabitEthernet1/0/16
shutdown
!
interface GigabitEthernet1/0/17
shutdown
!
interface GigabitEthernet1/0/18
shutdown
!
interface GigabitEthernet1/0/19
shutdown
!
interface GigabitEthernet1/0/20
shutdown
!
interface GigabitEthernet1/0/21
shutdown
!
interface GigabitEthernet1/0/22
shutdown
!
interface GigabitEthernet1/0/23
switchport access vlan 13
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/24

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 29 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

switchport access vlan 8

switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
no ip address
!
ip forward-protocol nd
ip http server
ip http secure-server
!
control-plane
service-policy input system-cpp-policy
!
banner motd ^C D2, ENCOR Skills Assessment, Scenario 2 ^C
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
end

Switch A1
A1# show run
Building configuration...

Current configuration : 1926 bytes

!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname A1

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 30 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

!
boot-start-marker
boot-end-marker
!
enable secret 9 $9$a7qnivVydjhJqa$ehWSSxHj7jf6s7gjbuVc4PLGJY0dv2k.VtPqL1cn0vs
!
username admin privilege 15 secret 9
$9$itvXO10OdR7sMq$9ffgjFDlEL2j8T3040Eb21fA/2Cyjb2tHF5rZrWtZKY
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
system mtu routing 1500
!
no ip domain-lookup
ipv6 unicast-routing
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel1
switchport mode trunk
!
interface FastEthernet0/1
switchport mode trunk
channel-group 1 mode desirable
!
interface FastEthernet0/2
switchport mode trunk
channel-group 1 mode desirable
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 31 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
switchport access vlan 8
switchport mode access
spanning-tree portfast edge
!
interface FastEthernet0/24

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 32 of 33 www.netacad.com
ENCOR Skills Assessment (Scenario 2)

shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Vlan1
no ip address
!
ip http server
ip http secure-server
!
banner motd ^C A1, ENCOR Skills Assessment, Scenario 2 ^C
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 33 of 33 www.netacad.com